"Apple wants to collect and store your fingerprints..."
Beyond stupid. Fuck off right now.
Apple wants to collect and store your fingerprints to spread its payment service and simplify download authorisation. Cupertino aspires to upgrade its TouchID with the capability to collect, encrypt and upload fingerprints to Apple servers so that users can verify their identities with a single print matched to those stored …
You are barking up the wrong tree.
Apple do not want to store your fingerprints in the cloud. They want to store your fingerprint enrolment data in the cloud, i.e. a hash code. Your fingerprint cannot be reconstructed from the hash code; it can only be used for verification purposes. Rather like your cloud-based El Reg password is stored as a hash. Bad boys aren't able to pinch your password if they dip into the El Reg user database.
As I see it, this would only be useful if you get a new iDevice and want to save a bit of time by not having to re-scan your fingerprints. Hardly the greatest benefit in the world.
i am intrigued that currently these hash codes are stored on-device in a secure element. This was much reported when Touch ID surfaced, and is likely a mainstay of Apple Pay. So I'm getting a mixed message here.
A patent doesn't mean it will make it into a product...
The "I don't want to re-enroll my device" ease of use thing could be handled by having some special 'security sharing' mode the devices can be put into that copies this data over a point to point Bluetooth connection.
Or if it is uploaded to iCloud, it is encrypted by your own password so Apple couldn't read it or hand it over to the NSA even if they wanted. That's how I think all iCloud data should be treated, and until it is I have refused to use iCloud. If they do allow fingerprint hashes to be stored on iCloud, I won't care because I don't even have my Contacts going to iCloud, why would do so for this?
Apple do not want to store your fingerprints in the cloud. They want to store your fingerprint enrolment data in the cloud, i.e. a hash code.
You are correct that they are proposing to save the hash, not the actual fingerprint. However, if someone somehow ends up with that hash, you are fucked, because the system only checks that the hash it receives is the same as the one stored. And forevermore, your finger will produce that hash - short of inflicting permanent scars on your fingers and hoping that it changes the hash sufficiently that using the old hash is no longer accepted.
Nope.
This is the hash code of an account password that I use to login to a live website.
9z076KYZa3ULVBHYTWNtbGL2vmM=
You didn't hack into its database, but I'm letting you know what it is to save you the trouble.
Care to tell me what password you're going to use to try to fool the login system? Hint: the website isn't expecting you to type in the above hash.
Further, it's not true to say that your finger will forever produce the same hash. It is almost certainly produced in conjunction with a random salt value. Just like when you update your password on a website that has any kind of decent security.
Good luck.
This actually doesn't help. All they have to do is use the same algorithm to generate a hash and run the comparison against the hashes apple has.
While this means someone at Apple can't reconstruct your fingerprint from the hash, the FBI/CIA/NSA/GCHQ/WTF Ever can use it to verify your fingerprint.
Bad boys aren't able to pinch your password if they dip into the El Reg user database.
I wish this were a universal, eternal truth but it isn't. Look up "hash collision." Depending on the hash method, or pair-wise combination in some implementations, it is possible to work out a value that presents the same hashed result as if it were the solution. [Thus hash collision.] We've already had existing algorithms, now deprecated but still found out "in the wild," fall to improvements in both computing power and differing attacks on the cryptographic maths and/or algorithms. You just have to throw enough computing power at the problem. I don't even want to get into quantum computing (least/relaxed energy states, yada, yada). What I don't get is how Apple expects to get a patent on it as it's obvious even to a past Practitioner of the Art let alone someone up to the minute current. It's patently obvious. [Yeah, shoot me. I'm in pain anyway today. Get it over with.]
This post has been deleted by its author
It wouldn't be so bad if it wasn't Apple doing it. For instance if the Australian Govt announced a major new database holding identifying information about everybody in the country, we could do something about it. But no, Apple can do anything they want. They make Papal infallability look like small beer.
What fantasy land do you live in that you think you can "do something" about stupid things your government wants to do? If Apple wants to do something stupid, consumers can stop it pretty quickly by refusing to buy their products. If that happened, they'd U-turn, damn fast! When its the government doing something stupid, you have little say, because the lobbyists are in the driver's seat. Maybe Australia isn't owned by them quite so thoroughly as the US, but if not I'm sure they're well on their way.
Anyway, you don't have to enable iCloud. I don't use it for anything. Plus this is a patent, and may never be found in a product. Most patents (from everyone, not just Apple) never see the light of day.
Before you bash Apple,
How do you believe this to be patentable?
The patent should be denied on the grounds that its neither new, nor innovative.
We should flog those in the Patent office and in Congress. Bring back the reforms and vote! Harry Reid is no longer in charge and the Trial Lawyers haven't gotten enough money in to the pockets of the Republicans.
This is yet again more reason for Patent reform.
Why on earth do they endeavour to bring down security by putting biometric sensors on the phones, tablets and PCs which have been somehow protected by passwords?
Threats that can be thwarted by biometric products operated together with fallback/backup passwords can be thwarted more securely by passwords only.
Whether static, behavioural or electromagnetic, biometric products are generally operated together with a password by OR/Disjunction (as against AND/Conjunction that is common for 2-factor authentication) so that users can unlock the devices by passwords when falsely rejected by the biometric sensors. This means that the overall vulnerability of the product is the sum of the vulnerability of biometrics (x) and that of a password (y). The sum (x + y - xy) is necessarily larger than the vulnerability of a password (y), say, the devices with Touch ID and other biometric sensors are even less secure than the devices protected only by a weak password.
These biometric products might look more secure in appearance, but it is just a false sense of security. Many of the consumers, who are trapped in the false sense of security, may well be piling up more of their information assets in the cyber space while some of the criminals, who are aware that those consumers are now less secure, may well be silently waiting for the pig to be fat.
False sense of security about a threat could be even worse than the threat itself. It is a conundrum how it is possible for so many security professionals to remain indifferent to such a nightmarish situation.
I think you overstate the need for and perception of need for true security in a mobile device. If someone steals your phone, what do they really get? They can find out your contacts, read your email, read your Facebook. Do you think this is something the average person is really concerned about? They aren't getting in anything critical like your bank account, because those apps will have their own password.
Look at the state of security on Android devices today, where most people draw a simple pattern between 12 dots that can be replicated after seeing it once or guessed in a lot less time than it takes to hack Touch ID. There was an article that said the percentage of people who had ANY security enabled on their iPhone went from under 50% to over 90% when they adopted a device using Touch ID. Some security is better than none, even if it isn't the "perfect security" you imagine normal people should care about having.
It is just a phone, after all, and even if someone snags it and hacks Touch ID to make purchases you aren't held responsible for them anymore than you are if someone snags your wallet and uses your credit card. The ability is there for you to have high security if you want, but it isn't and shouldn't be forced on your grandmother.
"They aren't getting in anything critical like your bank account, because those apps will have their own password...."
As you have stated they have you emails, your logins to other apps, such as Facebook, Linked In, Twitter etc etc.
So off to the bank website we go. Enter name...reset password.
Ha ha...thwarted as it's asked for my date of birth. Facebook profile. Thank you very much
Mother maiden name: Again Facebook. look for same surname, look for anniversaries, Mr X and Mrs Y married on this day. Check.
Name of first school, again Facebook? Darn not there. Ok lets try friends reunited. Name: OK, Reset password (after all you haven't logged in for 3 years. New PW sent to email. Thanks. log into Friends reuited. Find schools attended (btw you can often do this with LinkedIn as well)
Back to bank. send new password
Sent new password to email. Jobs a good 'un.
.
If this sounds like fantasy, it's not. I did EXACTLY this to prove to a friend how easy it was.
"The sum (x + y - xy) is necessarily larger than the vulnerability of a password (y), say, the devices with Touch ID and other biometric sensors are even less secure than the devices protected only by a weak password."
Of course that only applies if the password is the same in both cases.
on an iDevice it becomes easy to say "have a more complex passcode", so have a non 4 digit passcode (so it doesn't even try to hit return for you when you have typed enough digits).
Now x' >>> x, so the comparison is between x and (x'+y -x'.y). I'd suggest that the difference is entirely dependant on y.
*yes* I know one could set the longer passcode even without the biometric, but there is some benefit in the convenience of using the biometric.
Next they'll come out with the cameras, then the loopy transparency scheme, and finally a hat that'll feed Apple-generated happy thoughts directly into your cortex while you slave for them. Better go ahead preparing that remote mountain refuge, and stock up on canned food and firewood.
This is the gold standard for data grabs. You can change your name, get a new face, use a fake SSN, it won't matter. Hard to fake your fingerprint and (barring accidents or defacement) it will never change. Big Data has been wanting a unique ID for each of us, and this is the Holy Grail.
And how long until our beloved governments require us to use it? To sign up for phone service? Buy airline tickets? Establish credit? Gotta make sure you're really you, yanno. Just sayin'.
Those hashes aren't cryptographic hashes, they cannot be as the fingerprints will change depending on how well they are read. It's extremely unlikely that you get 2 pixel perfect fingerprint reads.
So I certainly wouldn't rule out the possibility that you can get from "hash" to fingerprint within acceptable amounts of time.
Why has nobody researched this yet? Because it's so easy to get a fingerprint in another way. People leave their fingerprints everywhere. And this was known for ages. In the episode "The Human Factor" even MacGyver used latent handprints on a handprint sensor to get access.